W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2012

[Bug 18085] "all content using the http+aes scheme on the same host (and same port) shares the same origin and can therefore leak the keys" - unless there's a use case for supporting this, it seems more robust to make http(s)+aes never be same-origin

From: <bugzilla@jessica.w3.org>
Date: Mon, 22 Oct 2012 07:32:46 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-18085-2486-fzCxYEF5Tm@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=18085

Michael[tm] Smith <mike@w3.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #1 from Michael[tm] Smith <mike@w3.org> ---
The http+aes scheme/feature is not part of the W3C HTML5 spec and has also been
dropped from the upstream WHATWG HTML spec.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Monday, 22 October 2012 07:32:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 22 October 2012 07:32:47 GMT